I'm trying to configure Apache to write to a mounted Samba share. I have successfully configured Samba server, mounted the share on the client and I am able to write to the share as the Apache user. Apache gets Permission denied errors when it tries to write.

I'm tailing the Samba log on the Samba server. I'm able to see a log entry when I create a test file. However the log doesn't show any entries when Apache tries to write to the share on Server B and gets a Permission denied error.

Any ideas how I can possibly troubleshoot this would be greatly appreciated.

"Permission denied error" - that should give you pretty much a hint. Double check all the permissions that you set in the smb config and the way your scripts are executed from apache who has the ownership and what are the rights for that owner/group ?
–
RichardJun 6 '12 at 8:34

All permissions on Samba server side checkout. I can logged in as the user Apache is running as write to share on the client. Apache gets Permission denied. From what I can tell CIFS on the client side has own permissions check. I am able to turn it off, but that allows anyone to write, which is undesirable.
–
Aleksandr VladimirskiyJun 6 '12 at 9:19

Do you know if SELinux or AppArmor is activated? They could prevent Apache from writing in area not specified in the configuration of the mentioned system security features. Check in /var/log/messages fo any related log message.
–
HuygensJun 6 '12 at 9:54

1 Answer
1

Anytime I have to trouble shoot "Access Denied" errors on Samba, there are three places I typically check to ensure the user has proper access. In this case, #3 might help you the most:

1.) If your environment allows it, call "setenforce 0" to test disabling SELinux. There have been many times I've troubleshot permission issues extensively only to find SELinux is preventing access. If this seems to be the problem, consider writing a conditional statement to allow the access that's needed.

2.) The Filesystem - log into the Linux box as the user and try to navigate to the path the share is pointed at. Once there, create a file, and create a directory. If you can do this without a problem, then there's a fairly good chance it's a Samba permissions problem.

3.) Samba - Samba generates a lot of logs depending on the log level. I've found log level 3 is usually sufficient, but if you need to, set "log level = 4" in smb.conf.

Inside the samba log directory, you should find a log for each host that has attempted to connect to a share. The host will be identified by either IP address or host name.

Tail the log for the host you are trying to connect from as you attempt whichever operation results in a "Permission Denied" error. You see very quickly where the users permissions are breaking down, whether its an incorrect password, a valid user exception, or a file system access denied error.

If this fails, you might try creating a wide open share and slowly restricting it more and more until access breaks.

And finally, in your specific case, you might double check the credentials Apache is using to access the Samba share ;)